0d146dc942
- Add SAN altnames vault.service.consul and vault.query.consul to cert - Add vault-direct HTTPS listener on port 8200 (TLS terminate, same cert) - Add vault-consul HTTPRoute binding consul DNS names to port 8200 listener - Add vault-direct port 8200 entrypoint to traefik-internal - Switch service_registration from kubernetes to consul (consul-server.consul.svc.cluster.local:8500)
---
# Helm values for a five-node Vault cluster on integrated (raft) storage,
# registered as a service in Consul.
server:
  image:
    repository: hashicorp/vault
    tag: "2.0.1"

  ha:
    enabled: true
    # Must match the number of retry_join stanzas in the raft config below
    # (vault-0 .. vault-4).
    replicas: 5

    raft:
      enabled: true
      setNodeId: true
      # Security notes on the Vault server config that follows:
      # - disable_mlock = true: Vault does not lock its memory, so secrets can
      #   reach swap. Keep swap disabled or encrypted on the nodes.
      # - tls_disable = "true": the API listener on 8200 is plain HTTP on all
      #   interfaces. Tokens and secrets are unencrypted on the pod network
      #   between any TLS-terminating proxy and Vault. Either mount a
      #   certificate and enable TLS here, or restrict ingress to 8200 with a
      #   NetworkPolicy to the proxy and the Vault peers only.
      # - retry_join uses http:// to match the listener; switch these URLs to
      #   https:// in the same change that enables listener TLS.
      # - service_registration "consul": no scheme or token is set, so the
      #   connection to Consul is presumably plain HTTP and unauthenticated.
      #   If Consul ACLs are enforced, pass the token through the environment
      #   rather than writing it into this file. TODO confirm.
      config: |
        ui = true
        disable_mlock = true

        listener "tcp" {
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          tls_disable = "true"
        }

        storage "raft" {
          path = "/vault/data"

          retry_join {
            leader_api_addr = "http://vault-0.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-1.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-2.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-3.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-4.vault-internal.vault.svc.cluster.local:8200"
          }
        }

        service_registration "consul" {
          address = "consul-server.consul.svc.cluster.local:8500"
        }

  # Raft data lives on this volume (mounted at /vault/data per the config
  # above). It holds the encrypted Vault store; protect snapshots and backups
  # of it accordingly.
  dataStorage:
    enabled: true
    size: 10Gi
    storageClass: cephrbd-fast-delete
    accessMode: ReadWriteOnce

  statefulSet:
    securityContext:
      # NOTE(review): IPC_LOCK is the capability used for mlock, which the
      # config above disables. Confirm it is still required, and drop it if
      # not.
      # NOTE(review): supplying this map may replace the chart's default
      # container securityContext. Check the rendered StatefulSet still sets
      # allowPrivilegeEscalation: false.
      container:
        capabilities:
          add:
            - IPC_LOCK

  resources:
    requests:
      memory: 256Mi
      cpu: 100m
    limits:
      memory: 2Gi
      cpu: 1000m

# Agent sidecar injector is not deployed.
injector:
  enabled: false

# The web UI is served by the same listener as the API and is exposed only
# through a ClusterIP service.
ui:
  enabled: true
  serviceType: ClusterIP